package org.apache.camel.quarkus.kafka.sasl;

import com.github.dockerjava.api.command.InspectContainerResponse;
import io.strimzi.test.container.StrimziKafkaContainer;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.CopyOption;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.util.Map;
import java.util.stream.Stream;
import org.apache.camel.quarkus.test.support.kafka.KafkaTestResource;
import org.apache.camel.quarkus.test.support.kafka.KafkaTestSupport;
import org.apache.camel.util.CollectionHelper;
import org.apache.commons.io.FileUtils;
import org.testcontainers.images.builder.Transferable;
import org.testcontainers.utility.MountableFile;

/* loaded from: input_file:org/apache/camel/quarkus/kafka/sasl/KafkaSaslSslTestResource.class */
public class KafkaSaslSslTestResource extends KafkaTestResource {
    private static final String KAFKA_KEYSTORE_FILE = "kafka-keystore.p12";
    private static final String KAFKA_KEYSTORE_PASSWORD = "kafkas3cret";
    private static final String KAFKA_KEYSTORE_TYPE = "PKCS12";
    private static final String KAFKA_TRUSTSTORE_FILE = "kafka-truststore.p12";
    private static final String KAFKA_CERTIFICATE_SCRIPT = "generate-certificates.sh";
    private static Path configDir;
    private SaslSslKafkaContainer container;

    /* loaded from: input_file:org/apache/camel/quarkus/kafka/sasl/KafkaSaslSslTestResource$SaslSslKafkaContainer.class */
    static final class SaslSslKafkaContainer extends StrimziKafkaContainer {
        SaslSslKafkaContainer(String str) {
            super(str);
        }

        public String getBootstrapServers() {
            return String.format("SASL_SSL://%s:%s", getHost(), getMappedPort(9092));
        }

        protected void configure() {
            super.configure();
            Map ofEntries = Map.ofEntries(Map.entry("inter.broker.listener.name", "BROKER1"), Map.entry("listener.security.protocol.map", "SASL_SSL:SASL_SSL,BROKER1:PLAINTEXT"), Map.entry("zookeeper.sasl.enabled", "false"), Map.entry("sasl.enabled.mechanisms", "SCRAM-SHA-512"), Map.entry("sasl.mechanism.inter.broker.protocol", "SCRAM-SHA-512"), Map.entry("ssl.keystore.location", "/etc/kafka/secrets/kafka-keystore.p12"), Map.entry("ssl.keystore.password", KafkaSaslSslTestResource.KAFKA_KEYSTORE_PASSWORD), Map.entry("ssl.keystore.type", KafkaSaslSslTestResource.KAFKA_KEYSTORE_TYPE), Map.entry("ssl.truststore.location", "/etc/kafka/secrets/kafka-truststore.p12"), Map.entry("ssl.truststore.password", KafkaSaslSslTestResource.KAFKA_KEYSTORE_PASSWORD), Map.entry("ssl.truststore.type", KafkaSaslSslTestResource.KAFKA_KEYSTORE_TYPE), Map.entry("ssl.endpoint.identification.algorithm", ""));
            withEnv("KAFKA_OPTS", "-Djava.security.auth.login.config=/etc/kafka/kafka_server_jaas.conf");
            withBrokerId(1);
            withKafkaConfigurationMap(ofEntries);
            withLogConsumer(outputFrame -> {
                System.out.print(outputFrame.getUtf8String());
            });
        }

        protected void containerIsStarting(InspectContainerResponse inspectContainerResponse, boolean z) {
            super.containerIsStarting(inspectContainerResponse, z);
            copyFileToContainer(MountableFile.forClasspathResource("config/kafka_server_jaas.conf"), "/etc/kafka/kafka_server_jaas.conf");
            Stream.of((Object[]) new String[]{KafkaSaslSslTestResource.KAFKA_KEYSTORE_FILE, KafkaSaslSslTestResource.KAFKA_TRUSTSTORE_FILE}).forEach(str -> {
                try {
                    copyFileToContainer(Transferable.of(Files.readAllBytes(KafkaSaslSslTestResource.configDir.resolve(str))), "/etc/kafka/secrets/" + str);
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            });
            copyFileToContainer(Transferable.of("#!/bin/bash\nKAFKA_OPTS= /opt/kafka/bin/kafka-configs.sh --zookeeper localhost:2181 --alter --add-config 'SCRAM-SHA-512=[iterations=8192,password=alice-secret]' --entity-type users --entity-name alice".getBytes(StandardCharsets.UTF_8), 509), "/setup-users.sh");
        }

        protected void containerIsStarted(InspectContainerResponse inspectContainerResponse) {
            super.containerIsStarted(inspectContainerResponse);
            try {
                execInContainer(new String[]{"/setup-users.sh"});
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    public Map<String, String> start() {
        try {
            configDir = Files.createTempDirectory("KafkaSaslSslTestResource-", new FileAttribute[0]);
            ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
            Stream.of((Object[]) new String[]{"kafka_server_jaas.conf", KAFKA_KEYSTORE_FILE, KAFKA_TRUSTSTORE_FILE}).forEach(str -> {
                try {
                    InputStream resourceAsStream = contextClassLoader.getResourceAsStream("config/" + str);
                    try {
                        Files.copy(resourceAsStream, configDir.resolve(str), new CopyOption[0]);
                        if (resourceAsStream != null) {
                            resourceAsStream.close();
                        }
                    } finally {
                    }
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            });
            KafkaTestSupport.regenerateCertificatesForDockerHost(configDir, KAFKA_CERTIFICATE_SCRIPT, KAFKA_KEYSTORE_FILE, KAFKA_TRUSTSTORE_FILE);
            this.container = new SaslSslKafkaContainer(KAFKA_IMAGE_NAME);
            this.container.waitForRunning();
            this.container.start();
            return CollectionHelper.mapOf("camel.component.kafka.brokers", this.container.getBootstrapServers(), new Object[]{"camel.component.kafka.sasl-mechanism", "SCRAM-SHA-512", "camel.component.kafka.sasl-jaas-config", "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"alice\" password=\"alice-secret\";", "camel.component.kafka.security-protocol", "SASL_SSL", "camel.component.kafka.ssl-key-password", KAFKA_KEYSTORE_PASSWORD, "camel.component.kafka.ssl-keystore-location", configDir.resolve(KAFKA_KEYSTORE_FILE).toString(), "camel.component.kafka.ssl-keystore-password", KAFKA_KEYSTORE_PASSWORD, "camel.component.kafka.ssl-keystore-type", KAFKA_KEYSTORE_TYPE, "camel.component.kafka.ssl-truststore-location", configDir.resolve(KAFKA_TRUSTSTORE_FILE).toString(), "camel.component.kafka.ssl-truststore-password", KAFKA_KEYSTORE_PASSWORD, "camel.component.kafka.ssl-truststore-type", KAFKA_KEYSTORE_TYPE});
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public void stop() {
        if (this.container != null) {
            try {
                this.container.stop();
                FileUtils.deleteDirectory(configDir.toFile());
            } catch (Exception e) {
            }
        }
    }
}
